suddenly unable to logon to laptop when remote: "Domain is unavailable".

Posted on 2006-11-27
Last Modified: 2010-04-18
I am hoping that someone out there has seen this issue before and can help me understand what happened.  I have a user with a laptop who often works remotely.  She has a non-roaming profile, so when remote, she logs into her computer using her domain credentials and uses the local profile, all as we would expect.  This has been working for about a year.

Suddenly today, she was trying to start a program using "run as" for admin rights (as she has done successfully for many months).  The system refused the password ("...username or password are incorrect").  I had her log off and try logging on as that user, but it would not do so because "the domain controller cannot be reached".  "OK", i think, "maybe I never logged into her computer as that admin user".  So I have her try using my admin credentials that I know I have used on her machine before, and it logs in ok.  I have her log back in as herself and try to "run as" the account that we just succeeded as logging in as, but it tells her "bad username or password".  

Frustrated, I think I will have her log back in under my credentials and make her account a local admin.  However, once we log out, we are no longer able to log in as this same admin user; we get "the domain controller cannot be reached.".  In fact, we can no longer log in even as her original user!  We appear to be completely unable to log into the machine because it cannot find a DC!!  

I have never had this problem before and am rather stumped as to what could have caused it?  Does anyone out there have any idea
   A) why might this happen?
   B) how can I get around the problem?
   C) how can I prevent it happening again?

I am working on solving number B right now.  Currently, I have the user looking for a network cable she can borrow.  I am thinking maybe I can have her put a check in "log in using dial-up networking" and connect to the VPN as she logs in. thus allowing her computer to talk to the domain controller.  Any thoughts on if this would work?

The user is remote for a series of meetings and not having access to her computer is causing a LOT of stress right now, so any thoughts on solving this are greatly appreciated!

Thank you!
Question by:boydicus
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
LVL 51

Expert Comment

ID: 18021924
It's all about the profile.

Runas will work as expected while connected to the domain.
Runas will work as expected, provided the credentials used have a profile on the machine (have logged on at least once on the domain).
Runas will not work when trying to use credentials that don't satisfy one of the above.

Now, changing the user's rights basically broke the "cached" security token and therefore broke the cached logon - which requires reaching out to the DC to rebuild the token and recache it.

The fix....connect it to the domain and log in once.

LVL 51

Accepted Solution

Netman66 earned 500 total points
ID: 18021955
As long as the VPN Connectoid is in the Dial Up entries, then using dial up should work.

To fix her temporarily if everything else fails, have her logon with your credentials (which should still be cached) and create a local user account that is part of the admin group.

She can then get her stuff via Documents and Settings\Profile of user\My Documents and/or Desktop.


Author Comment

ID: 18022210
Netman66, thanks for your reply.  Please note that I never got a chance to change the user's profile.  In fact, it appears that "the problem" occurred while she was logged in.  I logged her out, then logged in as myself once, then logged in as herself once, and after that have been unable to log in as anyone.  The original account she was trying to use for "run as" was a local admin account, for what it is worth.

Any further thoughts would be greatly appreciated.
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 51

Expert Comment

ID: 18023178
Didn't I read that when you logged in you added her to the Admin group?

Runas the local Admin account shouldn't have thrown any errors though...

So, the local Admin account doesn't work either?
LVL 51

Expert Comment

ID: 18023263
You may also want to check to see if her actual account in AD has expired as well.


Author Comment

ID: 18025248
no, when I logged in as me initially it was just to see if it was possible.  I didnt think of adding her to admin group until my credentials failed on "run as".  Then I tried to log in as me again but was denied.  At that point I was unable to log back in as anyone.  

I used Remote Desktop to connect to a machine on her local network and was able to log in as her, so her account is good.  
LVL 51

Expert Comment

ID: 18032287
Well, unless you can get her logged in with a local account, it may be necessary to have her log back in while connected to the LAN.

It sounds like all the cached credentials are messed up.


Author Comment

ID: 18040639
agreed.  To make it even more bizarre, she sent me a message that she just kept trying and trying the different accounts out of desperation, and suddenly "it started working".  I believe that she was able to log in using the connection to the VPN and this refreshed the credentials.  She can't confirm that this happened since by the end she was pretty much just flailing around.  I just wish I knew why this happened and how to guard against it in the future.  Thanks for the help.

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Learn about cloud computing and its benefits for small business owners.
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below.…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question